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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 


A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 03 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- if NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )K Responsive to communication(s) filed on 09 February 2006 , 
2a)D This action is FINAL. 2b)[3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 19-21 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) Q Claim(s) is/are allowed. 

6) E3 Claim(s) 19-21 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) ^ The drawing(s) filed on 18 January 2002 is/are: a)E] accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 


Claims 19-21 are presented for examination. 


Claims 1-18 have been cancelled. 


Reopening of Prosecution After Appeal Brief 


2. In view of the Appeal Brief filed on 02/09/2006, PROSECUTION IS HEREBY 
REOPENED. A new ground of rejection is set forth below. 

To avoid abandonment of the application, appellant must exercise one of the 
following two options: 

(1 ) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply 
under 37 CFR 1.113 (if this Office action is final); or, 

(2) initiate a new appeal by filing a notice of appeal under 37 CFR 41 .31 followed 
by an appeal brief under 37 CFR 41 .37. The previously paid notice of appeal fee and 
appeal brief fee can be applied to the new appeal. If, however, the appeal fees set forth 
in 37 CFR 41 .20 have been increased since they were previously paid, then appellant 
must pay the difference between the increased fees and the amount previously paid. 

A Supervisory Patent Examiner (SPE) has approved of reopening prosecution by 
signing below: 
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Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

4. Claims 19 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Tuomenoksa et al. (herein after, Tuomenoksa), U.S. Pub. No. 2002/0023210 A1. 

Regarding claim 19, Tuomenoksa teaches a communication system comprising: 

a first communication device (i.e., gateway 1, Fig. 1A), said first communication 
device having a primary (or real) IP address (i.e., each gateway may be provided with a 
real or public address, page 8 paragraph [0091]), 

a plurality of second communication devices (i.e., gateway 2, and gateway 3, 
Fig. 6A) connectable to a public network (i.e., internet 620, Fig. 6A), 

a security access blocking apparatus (i.e., firewall 1590, Fig. 15) that provides 
the first communication device (i.e., Gateway 1510/gateway 1, Fig. 15) access to the 
public network (internet 620) and separates the first and second communication devices 
(Fig. 6A and Fig. 15), said security blocking apparatus normally allowing outgoing 
communication from said first communication device but normally disallowing incoming 
communication to said first communication device (i.e., firewall maybe configured to 
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allow traffic to originate from behind a firewall (outgoing communication) but not allow 
traffic in (incoming communication), page 16 paragraph [0165]), and 

secure hub (i.e., network operation center 610, Fig. 6A) including routing and 
switching functions (i.e., network operation center 610 includes switches 680 switch 
information or traffic between one or more of the subsystem 611-616 of the network 
operations center 610, and a proxy module 1520 that forwards/routes packets from one 
gateway to another and vice versa, Fig. 6A and Fig. 15 page 10 paragraph [01 14] and 
page 16 paragraph [0164]), interfaces (i.e., tunnel interface module 612, Fig. 6A) to the 
public network (i.e., Internet 620, Fig. 6A) (i.e., the tunnel interface module 612 may 
include a public addressable that permits establishing tunnels between the network 
operation centers 610 and gateways 650-652 through the Internet 620, Fig. 6 A page 10 
paragraph [105]), means in response to the first communication device (i.e., the 
Gateway 1510 may contact the controller module 614 to request enabling a tunnel, col. 
15 paragraph [0162] lines 8-10]) for establishing a single virtual pipe (i.e., a tunnel) 
between said secure hub and the first communication device for tunneling 
communication (i.e., the controller module 614 may then proceed to inform the first 
gateway 1510 through the control path to establish a tunnel 1531 to the proxy module 
1520, Fig. 15 pages 1 5-1 6 paragraph [0163] lines 9-14) and bypassing said 
security access blocking apparatus (i.e., proxy module 1520 may provide the capability 
to establish a tunnel by bypassing a firewall, page 16 paragraph [0165]), and means for 
assigning a secondary IP address (i.e., virtual IP address) to said first communication 
device (i.e., each gateway is provided a virtual/secondary address, which may be in an 
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IP format, page 8 paragraph [0091]) and associating said secondary IP address with 
said established single virtual pipe (i.e., each virtual IP address, which may be assigned 
and provided by the network operations center 610, may be only routable through 
tunnels enabled by network operations center 610 and established through the Internet 
620, page 8 paragraph [0093]). 


Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

6. Claims 20-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Tuomenoksa et al. (hereinafter, Tuomenoksa), U.S. Pub. No. 2002/0023210 A1, in 
view of McCann et al. (hereinafter, McCann), U.S. Patent No. 6,052,725. 

Regarding claim 20, Tuomenoksa teaches the communication in accordance 
with claim 19. 

Tuomenoksa does not explicitly teach means defining a pool of available IP 
address, said secure hub obtaining said secondary IP address from said IP address 
defining pool means. 
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McCann teaches a communication system wherein a pool of dynamic IP 
addresses is provided (see abstract). McCann teaches means defining a pool of 
available IP addresses (i.e., the remote network 32 has a remote pool of dynamic IP 
addresses 40, Fig.1, col. 5 lines 54-56), obtaining said dynamic IP address from said IP 
address defining pool means (i.e., receive a dynamic IP address from a remote pool of 
dynamic IP addresses 40, Fig. 1 col. 5 lines 32-65), 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention was made to incorporate the pool of available IP addresses as taught by 
McCann into the network operations center in Tuomenoksa. One would be motivated 
to do so to enable IP address to be dynamically assigned to a communication device 
automatically, and enable the IP address to be reclaimed from the communication 
device once the communication has ended. This would create faster response times by 
improving the dynamic IP addressing (McCann, col. 1 lines 56-58). 

Regarding claim 21, Tuomenoksa teaches a communication system (Fig. 6A 
and Fig. 15) comprising: 

a firewall (i.e., firewall 1590, Fig. 15), 

a first communication device (i.e., gateway 1510, Fig. 15) behind said firewall 
(i.e., the gateway 1510 is behind firewall 1590, Fig. 15 page 15 paragraph [0161]) and 
having a primary IP address (i.e., each gateway may be provided with a real or public 
address, page 8 paragraph [0091]), said firewall normally allowing outgoing 
communications from said first communication device but normally disallowing incoming 
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communications to said first device (i.e., firewall may be configured to allow traffic to 
originate from behind a firewall (outgoing communication) but not allow traffic in 
(incoming communication), page 16 paragraph [0165]), 
a public network (i.e., Internet 620, Fig. 6A), 

a plurality of second network devices (i.e., gateway 2, and gateway 3, Fig. 6A) 
connectable through said public network (i.e., internet 620, Fig. 6A), said public network 
being between said second communication devices and said first communication device 
(i.e., the virtual address, which may be in an IP format, may be used by gateways to 
establish one or more tunnels with each other through a base network, such as the 
Internet 620, Fig. 6A page 8 paragraph [0091]), 

a secure hub (i.e., network operation center 610, Fig. 6A), said secure hub 
including 

interfaces (i.e., tunnel interface module 612, Fig. 6A) connecting said 
secure hub to the public network (i.e., the tunnel interface module 612 may include a 
public addressable that permits establishing tunnels between the network operation 
centers 610 and gateways 650-652 through the Internet 620, Fig. 6 A page 10 
paragraph [105]), 

means in response to the first communication device (i.e., the Gateway 
1510 may contact the controller module 614 to request enabling a tunnel, col. 15 
paragraph [0162] lines 8-10]) for establishing a single virtual pipe (i.e., a tunnel) 
between the first communication device and said secure hub (i.e., the controller 
module 614 may then proceed to inform the first gateway 1510 through the 
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control path to establish a tunnel 1531 to the proxy module 1520/network 
operations center 610, Fig. 15 pages 15-16 paragraph [0163] lines 9-14), 

means for assigning an IP address to the established single virtual pipe 
(i.e., each gateway is provided a virtual/secondary address, which may be in an 
IP format. Each virtual IP address, which may be assigned and provided by the 
network operations center 610, may be only routable through tunnels enabled by 
network operations center 610 and established through the Internet 620, page 8 
paragraphs [0091] and [0093]), 

means for routing communications from any of the second communication 
devices (i.e., the proxy module 1520 forwards packets received from the second 
gateway 1530 to the first gateway 1510, Fig. 15 page 16 paragraph [0164]) and 
addressed to the first communication device to the established virtual pipe 
utilizing the assigned secondary IP address (i.e., packets addressed with a virtual 
IP address may be transported between gateways through tunnels established 
through a base network such as Internet 620, page 8 paragraph [0081]-page 9 
paragraph [0096]), 

means for tunneling said communications over the established virtual pipe 
to the first communication device thereby bypassing said firewall (i.e., proxy 
module 1520 may provide the capability to establish a tunnel by bypassing a 
firewall, page 16 paragraph [0165]). 

Tuomenoksa does not explicitly teach a pool of available IP addresses. 
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McCann, in the same field of endeavor, teaches a pool of available IP addresses 
(i.e., the remote network 32 has a remote pool of dynamic IP addresses 40, Fig.1, col. 5 
lines 54-56). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention was made to incorporate the pool of available IP addresses as taught by 
McCann into the network operations center in Tuomenoksa. One would be motivated 
to do so to enable IP address to be dynamically assigned to a communication device 
automatically, and enable the IP address to be reclaimed from the communication 
device once the communication has ended. This would create faster response times by 
improving the dynamic IP addressing (McCann, col. 1 lines 56-58). 


Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

a) Carrico et al., U.S. Pub. No. 2003/0135616 A1 , disclose clients 
communicate with each other while bypassing any network address translation device. 

b) Keane at al., USPN 6,996,628, discloses managing virtual addresses for 
virtual networks. 

c) Bendinelli et al., USPN 6,631 ,416 B2, disclose method and system for 
enabling a tunnel between two computers on a network. 

d) Boebert et al., USPN 6,772,332 B1 , disclose system and method for 
providing secure inter-network services via an assured pipeline 
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8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Oanh Duong whose telephone number is (571) 272- 
3983. The examiner can normally be reached on Monday- Friday, 9:30AM - 6:00PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Saleh Najjar can be reached on (571 ) 272-4006. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 



April 20, 2006 


